Re: Security flaw: subversion stores passwords by default

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Thu, 20 Mar 2008 16:13:50 -0500

Karl Fogel wrote:
>
>> Currently svn provides both choices - it will store the password for
>> you or you can choose to not store as well. But we could look at his
>> argument as to keep the same two choices, but just make the default to
>> not store the password. The config parameter can be changed by users
>> if they wish to (to make store-passwords to 'yes' to make it store the
>> password).
>
> Sure. But we had this discussion years ago; we didn't just flip a coin
> to choose the current way, we really hashed out the pros and cons.
> (Hadmut may not have realized that, of course, since it was a long time
> ago.)

What does firefox do when you check the 'remember this password' box -
and can you use whatever library/api they use?

-- 
    Les Mikesell
     lesmikesell_at_gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org

Received on 2008-03-20 22:10:47 CET

This message: [ Message body ]
Next message: Hadmut Danisch: "Re: Security flaw: subversion stores passwords by default / Proposal"
Previous message: Laker Netman: "Fw: svnserve on W2K3"
In reply to: Karl Fogel: "Re: Security flaw: subversion stores passwords by default"
Next in thread: Paul Koning: "Re: Security flaw: subversion stores passwords by default"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]